Making gpgcheck configurable for RDO repo

Currently, gpgcheck flag is not configurable and is always enabled by
default. For certain use cases, for example, using these cookbooks in
production where internet access is restricted, we need to disable
gpgcheck.

This commit makes the gpgcheck configurable so that users can override
it if needed.

Change-Id: I10620f2d5adc240fda6273680638d0429260b9cc
Related-Bug: #1417119

CHANGELOG.md

@@ -16,6 +16,7 @@ This file is used to list changes made in each version of cookbook-openstack-com
 * Removed all ceph logic
 * Allow different URLs for internal, public, admin endpoints (bug 1412919)
 * Cleanup CHEF-3694 warnings
+* Allow disabling GnuPG signature check for RDO repo
 
 ## 10.1.0
 * Adding identity admin bind host endpoint to allow flexibility and consistency

attributes/default.rb

@@ -124,7 +124,8 @@ default['openstack']['zypp']['uri'] = 'http://download.opensuse.org/repositories
 default['openstack']['yum']['rdo_enabled'] = true
 default['openstack']['yum']['uri'] = 'http://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7'
 default['openstack']['yum']['repo-key'] = 'https://raw.githubusercontent.com/redhat-openstack/rdo-release/master/RPM-GPG-KEY-RDO-Juno'
-
+# Enforcing GnuPG signature check for RDO repo. Set this to false if you want to disable the check.
+default['openstack']['yum']['gpgcheck'] = true
 # ======================== OpenStack Endpoints ================================
 #
 # OpenStack recipes often need information about the various service

recipes/default.rb

@@ -57,6 +57,7 @@ when 'rhel'
     description "OpenStack RDO repo for #{node['openstack']['release']}"
     gpgkey node['openstack']['yum']['repo-key']
     baseurl node['openstack']['yum']['uri']
+    gpgcheck node['openstack']['yum']['gpgcheck']
     enabled true
     action repo_action
   end

spec/default-redhat_spec.rb

@@ -11,7 +11,7 @@ describe 'openstack-common::default' do
       runner.converge(described_recipe)
     end
 
-    context 'enabling RDO' do
+    context 'enabling RDO with gpgcheck enabled' do
       before do
         node.set['openstack']['yum']['rdo_enabled'] = true
       end
@@ -20,6 +20,23 @@ describe 'openstack-common::default' do
         # Using cookbook(yum) LWRP custom matcher
         # https://github.com/sethvargo/chefspec#packaging-custom-matchers
         expect(chef_run).to add_yum_repository('RDO-testrelease')
+          .with(gpgcheck: true)
+      end
+
+      it 'includes yum-epel recipe' do
+        expect(chef_run).to include_recipe('yum-epel')
+      end
+    end
+
+    context 'enabling RDO with gpgcheck disabled' do
+      before do
+        node.set['openstack']['yum']['rdo_enabled'] = true
+        node.set['openstack']['yum']['gpgcheck'] = false
+      end
+
+      it 'adds RDO yum repository' do
+        expect(chef_run).to add_yum_repository('RDO-testrelease')
+          .with(gpgcheck: false)
       end
 
       it 'includes yum-epel recipe' do